2014-05-14 102 views
0

I have a subdomain named cdn.domain.com from which I serve CSS, JS and some images. When I run Google Chrome's audit, it says I could improve speed by serving these files from a cookie-less domain. I have searched the internet and mostly found this: How to remove cookies for a cookie-less domain

<FilesMatch "\.(js|css|jpg|png|jpeg|gif|xml|json|txt|pdf|mov|avi|otf|woff|ico|swf)$"> 
    RequestHeader unset Cookie 
    Header unset Cookie 
    Header unset Set-Cookie 
</FilesMatch> 

But when I add this to the .htaccess in my root, I see no change in my requests, and when I add it to the .htaccess of cdn.domain.com, nothing happens either. When I look at the request headers, I always see this:

Cookie:__utma=124771992.1672641002.1393489852.1393489852.1393489852.1; __utmz=124771992.1393489852.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cve=7%2BOFANPFY6bPsm9274j8hJIz%2BPvLQRT%2FJZG9ftr2o7c%3D; cvp=dNuYumBN%2F642JaRgONUeEq1upp2y%2F%2FtDjt%2BBbV87W%2BA%3D 

The subdomain is a subdirectory under the global domain. Both the global domain and the subdomain have this .htaccess:

# http://www.askapache.com/htaccess/htaccess.html 
## ERRORDOCUMENTS 
# http://askapache.com/htaccess/apache-status-code-headers-errordocument.html 
ErrorDocument 400 /include/html/errorPages/400.html 
ErrorDocument 403 /include/html/errorPages/403.html 
ErrorDocument 404 /include/html/errorPages/404.html 
ErrorDocument 500 /include/html/errorPages/500.html 

<IfModule mod_headers.c> 
    SetEnvIf Origin "http(s)?://(www\.)?(copperviper.com)$" AccessControlAllowOrigin=$0$1 
    Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin 
    Header set Access-Control-Allow-Credentials true 
</IfModule> 


<FilesMatch "\.(js|css|jpg|png|jpeg|gif|xml|json|txt|pdf|mov|avi|otf|woff|ico|swf)$"> 
    RequestHeader unset Cookie 
    Header unset Cookie 
    Header unset Set-Cookie 
</FilesMatch> 

order deny,allow 
deny from all 
allow from 62.132.244.73 

# Possible values for the Options directive are "None", "All", or any combination of: 
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews 
RewriteEngine On 
RewriteBase /cdn/ 

# REWRITE TO WWW 
RewriteCond %{REQUEST_URI} !^/robots\.txt$ [NC] 
RewriteCond %{HTTP_HOST} !^www\.[a-z-]+\.[a-z]{2,6} [NC] 
RewriteCond %{HTTP_HOST} ([a-z-]+\.[a-z]{2,6})$ [NC] 
RewriteRule ^/(.*)$ http://%1/$1 [R=301,L] 

# REWRITE TO SEF URL'S 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)/(.*)/(.*)/(.*) index.php?a=$1&b=$2&c=$3&d=$4 [QSA,L] 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)/(.*)/(.*) index.php?a=$1&b=$2&c=$3 [QSA,L] 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)/(.*) index.php?a=$1&b=$2 [QSA,L] 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*) index.php?a=$1 [QSA,L] 

# COMPRESSION 
SetOutputFilter DEFLATE 
AddOutputFilterByType DEFLATE text/plain text/html text/x-php text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript application/x-httpd-php application/octet-stream image/svg+xml application/font-woff image/svg+xml 

# REMOVE BROWSER BUGS 
BrowserMatch ^Mozilla/4 gzip-only-text/html 
BrowserMatch ^Mozilla/4\.0[678] no-gzip 
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html 
Header append Vary User-Agent 

# enable PHP error logging 
php_flag log_errors on 
php_flag display_startup_errors on 
php_flag display_errors on 
php_flag html_errors on 
php_value docref_root 3 
php_value docref_ext 3 

php_value upload_max_filesize 2000M 
php_value post_max_size 2000M 
php_value max_execution_time 200000 
php_value max_input_time 200000 

# CACHED FOREVER 
# MOD_REWRITE TO RENAME EVERY CHANGE 
ExpiresActive On 
ExpiresDefault A29030400 
Header set Cache-Control "public" 
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT" 
Header unset Last-Modified 

# PROTECT .htaccess 
<Files ~ "^.*\.([Hh][Tt][Aa])"> 
order allow,deny 
deny from all 
satisfy all 
</Files> 

# Commonly used filename extensions to character sets. 
AddDefaultCharset UTF-8 
DefaultLanguage en-US 

# Set the Time Zone of your Server 
SetEnv TZ Etc/GMT 

# ServerAdmin: This address appears on some server-generated pages, such as error documents. 
SetEnv SERVER_ADMIN [email protected] 

# SEND CUSTOM HEADERS 
Header set P3P "policyref='http://www.askapache.com/w3c/p3p.xml'" 
Header set X-Pingback "http://www.askapache.com/xmlrpc.php" 
Header set Content-Language "en-US" 
Header set Vary "Accept-Encoding" 

# ADD VALUES FROM HTTP HEADERS 
SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1 
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1 
SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1 
SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1 
SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1 
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 
SetEnvIfNoCase ^Cookie$ "(.+)" HTTP_MY_COOKIE=$1 

# Optionally add a line containing the server version and virtual host 
# name to server-generated pages (internal error documents, FTP directory 
# listings, mod_status and mod_info output etc., but not CGI generated 
# documents or custom error documents). 
# Set to "EMail" to also include a mailto: link to the ServerAdmin. 
# Set to one of: On | Off | EMail 
ServerSignature On 

## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK 
#bytes, 0-2147483647(2GB) 
LimitRequestBody 10240000 

## MOST SECURE WAY TO REQUIRE SSL 
# http://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples.html 
#SSLOptions +StrictRequire 
#SSLRequireSSL 
#SSLRequire %{HTTP_HOST} eq "askapache.com" 
#ErrorDocument 403 https://askapache.com 

# Safe Request Methods 
# Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD[403] 
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC] 
RewriteRule .* - [F,NS,L] 

# Forbid Proxies
# Denies any POST Request using a Proxy Server. Can still access site, but not comment. http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/
RewriteCond %{REQUEST_METHOD} =POST 
RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR] 
RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$ 
RewriteRule .* - [F,NS,L] 

# HTTP PROTOCOL
# Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC] 
RewriteRule .* - [F,NS,L] 

# SPECIFY CHARACTERS
# Denies any request for a url containing characters other than "a-zA-Z0-9.+/-?=&" - REALLY helps but may break your site depending on your links.
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ [a-zA-Z0-9\.\+_/\-\?\=\&]+\ HTTP/ [NC] 
RewriteRule .* - [F,NS,L] 

# BAD Content Length
# Denies any POST request that doesn't have a Content-Length Header
RewriteCond %{REQUEST_METHOD} =POST 
RewriteCond %{HTTP:Content-Length} ^$ 
RewriteRule .* - [F,NS,L] 

# BAD Content Type
# Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data
RewriteCond %{REQUEST_METHOD} =POST 
RewriteCond %{HTTP:Content-Type} !^(application/x-www-form-urlencoded|multipart/form-data.*(boundary.*)?)$ [NC] 
RewriteRule .* - [F,NS,L] 

# Missing HTTP_HOST
# Denies requests that don't contain a HTTP HOST Header.
RewriteCond %{HTTP_HOST} ^$ 
RewriteRule .* - [F,NS,L] 

# Bogus Graphics Exploit
# Denies obvious exploit using bogus graphics
RewriteCond %{HTTP:Content-Disposition} \.php [NC] 
RewriteCond %{HTTP:Content-Type} image/.+ [NC] 
RewriteRule .* - [F,NS,L] 

# No UserAgent, Not POST
# Denies POST requests by blank user-agents. May prevent a small number of visitors from POSTING.
RewriteCond %{REQUEST_METHOD} =POST 
RewriteCond %{HTTP_USER_AGENT} ^-?$ 
RewriteRule .* - [F,NS,L] 

What am I doing wrong here?

+1

I haven't studied your code thoroughly, but: 1) the auditor is warning about larger HTTP requests; ignoring the data once it has been received on the server does not solve that. 2) 'cdn.domain.com' cannot stop 'domain.com' from setting cookies. You have to make sure your application does not generate cookies for the whole domain. –

+0

How do I stop my domain from setting cookies for those specific files? – SheperdOfFire

+0

How are the cookies being set? –

Answer

1

This is what the manual page for setcookie() says about the $domain argument:

Setting the domain to 'www.example.com' will make the cookie available in the www subdomain and higher subdomains. Cookies available to a lower domain, such as 'example.com', will be available to higher subdomains, such as 'www.example.com'. Older browsers still implementing the deprecated » RFC 2109 may require a leading . to match all subdomains.

This means that in modern browsers (which I suppose is nearly all of them in practice) any cookie set for domain.com will also be sent back by the browser to cdn.domain.com. That is how the cookie specification works, and I don't think there is a clean solution.

Ideally your cookie-less domain should use a completely different top-level domain; or your site should be hosted on a subdomain such as www.domain.com, so you can fine-tune the cookies. I suppose there is no reasonable option at this point, so you may have to live with it.
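An added example (my own code, not from the question or the answer) that models the RFC 6265 domain-matching rule the answer describes: it takes a constructed cookie jar with a cookie scoped to Domain=.domain.com (as the __utma tracking cookie in the question would be), a host-only cookie set by domain.com, and a cookie scoped to www.domain.com, and lists which ones a browser attaches to requests for cdn.domain.com. It goes one step beyond the answer by also distinguishing host-only cookies (no Domain attribute), which stay on the exact host that set them; the cookie names, values and hosts are constructed.

```python
# Added example (not from the original question or answer): a small model of
# RFC 6265 cookie domain matching, used to check which cookies a browser would
# attach to requests for cdn.domain.com. Cookie names/values below are constructed.

def domain_match(request_host, cookie_domain):
    """RFC 6265 section 5.1.3: does request_host domain-match cookie_domain?"""
    request_host = request_host.lower()
    # A leading dot (legacy RFC 2109 form) is ignored, as in modern browsers.
    cookie_domain = cookie_domain.lower().lstrip(".")
    if request_host == cookie_domain:
        return True
    return request_host.endswith("." + cookie_domain)

def parse_set_cookie(header, origin_host):
    """Reduce a Set-Cookie header to the fields that decide its domain scope."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "domain" and val.strip():
            domain = val.strip().lstrip(".").lower()
    if domain is None:
        # No Domain attribute: host-only cookie, sent back to origin_host alone.
        return {"name": name.strip(), "value": value, "domain": origin_host.lower(), "host_only": True}
    return {"name": name.strip(), "value": value, "domain": domain, "host_only": False}

def cookies_sent_to(jar, request_host):
    """Names of stored cookies a browser attaches to a request for request_host (RFC 6265 5.4)."""
    request_host = request_host.lower()
    sent = []
    for c in jar:
        if c["host_only"]:
            if c["domain"] == request_host:
                sent.append(c["name"])
        elif domain_match(request_host, c["domain"]):
            sent.append(c["name"])
    return sent

# Constructed cookie jar modelled on the headers shown in the question.
JAR = [
    parse_set_cookie("__utma=124771992.1672641002; Domain=.domain.com; Path=/", "domain.com"),
    parse_set_cookie("cvp=dNuYumBN; Path=/", "domain.com"),                  # host-only
    parse_set_cookie("sess=abc123; Domain=www.domain.com; Path=/", "www.domain.com"),
]

if __name__ == "__main__":
    for host in ("domain.com", "www.domain.com", "cdn.domain.com"):
        print(host, "->", cookies_sent_to(JAR, host))
```

Only the cookie scoped to .domain.com reaches cdn.domain.com; the .htaccess `RequestHeader unset Cookie` block in the question runs after the browser has already sent it, which is why the request header never changes.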